Setup Instructions for New Team Members

Accounts, Group Memberships, Certificates, Etc.

Computing account at FNAL*

Computing account at CERN*

CERN user certificate* installed on your web browser

CMS VO Registration*

    • go to the CMS VOMRS server, and follow the instructions
    • Select all the necessary roles for your functions (Ask Jen Adelman-McCarthy or David Mason)
      • You need at least be in:
        • /cms/uscms
        • /cms/TEAM

CMS hypernews account* and subscribe to the hn-cms-comp-ops mailing list

Elog account*

TWiki registration*

Github account*

    • Go to and create a new GH account if not already created and share it with your supervisor to be a contributor to the project.

Getting access to cmst1 account*

    • Send an email to Sharad and Alan providing your CERN AFS/Nice username with CC to Since you need to:
      • be added to the AFS cmst1:users
      • be added to the cms-comp-ops-workflow-team egroup
      • be added to the cmst1.pp puppet manifest

Subscribe to E-groups*

    • to do this, go to and log in with your CERN username and password
    • search for and subscribe to these e-groups:
      • cms-comp-ops
      • cms-comp-ops-workflow-team

Become a member of the zh:lcg_writers afs group (for site support team members)

    • Search and apply for this e-group: cms-afs-lcg-writers, it synchronized to the afs group once per day
    • You need to be a member of this afs group in order to have permission to edit files which you will need work on them
    • You can check members of this group by using this command: pts membership zh:lcg_writers
    • Note, when you get the membership, do not forget to renew your afs token by using this command: kinit

Become a member of the cmsdataops account at FNAL

    • to do this, contact Jen Adelman-McCarthy requesting to be added to the cmsdataops account at fnal

Make sure you appear in SiteDB

GGUS account*

    • Go to
    • Load your certificate information.
    • Use Registration link on the left side panel and select Support access (So you can update tickets).

Proxy-ssh and SSH tunnels* to several machines at FNAL and CERN

    • In order to access the WMAgent instances and for some monitoring plots to show up, you will need to create ssh tunnels to several machines.
    • Follow the instructions HERE
    • If you would monitoring the agent machines, you should also be enroled in the cmst1 group. Ask who owns the cmst1 password to add you.

Proxy certificate*: installing your cert in remote machines and getting a proxy

    • A proxy certificate is needed for any operation that uses ssl (authentication X509). These operations are: move files within the grid, to assign jobs, and to access to cmsweb.
    • This needs to be re-done once your proxy expires (usually 1 or 2 days)
    • export your myCert.p12 from your browser to your home area [do cd ~ in shell to find out where is it]
    • once a year you will need to renew your proxy.

    • unpack it by doing the following:
      cd ~ # this moves to your home area 
      openssl pkcs12 -in myCert.p12 -out myPublicCert.pem -clcerts -nokeys # this creates: myPublicCert.pem 
      openssl pkcs12 -in myCert.p12 -out myPrivKey.pem -nocerts #this creates : myPrivKey.pem 
      [enter a new password to protect your private key] 
    • now move these to your afs space:
      • from local machine do:
        then in lxplus or cmspc do: 
        mkdir .globus [this is the standard place for voms certificates]
        from local machine do:
        cd ~
        scp ~/myPrivKey.pem
        scp ~/myPublicCert.pem
    1. now you need to change permissions on the files:
chmod 400 userkey.pem   # owner read only
chmod 600 usercert.pem   # owner R&W
    • you are now ready to get your proxy:
      • lxplus (new SL6 machines)
        voms-proxy-init -voms cms 
      • lxplus5 (old SL5 machines):
        source /afs/ voms-proxy-init -voms cms 
      • cmspc:
        source /uscmst1/prod/grid/ voms-proxy-init -voms cms 

  • Access to the T&I Services: ACDC Console
    • ACDC Console is behind CERN firewall, so one needs to tunnel into CERN network to access. Please follow the following instructions to do so:
Edit | Attach | Watch | Print version | History: r59 < r58 < r57 < r56 < r55 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r59 - 2021-11-09 - HasanOzturk
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    CMSPublic All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright &© 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback